
Re: Sickness - Password Sniffing with SSLStrip.

Hi ! I've been trying this on my network, works like a charm ! Now, I wanted to know a few things :
- Is there a way to do this on multiple targets, or a range of targets, without different sessions ? I couldn't try with multiple computers running, so even with multiple sessions, will this work ? Will everything be written in the log (from all targets) or only one (at a time ?)
- If the previous works, is there a possibility to record in different logs ?
- Is there a way to redirect multiple ports or a range of ports to only one, or another range ? (in which case, we could listen on different ports with sslstrip and have different logs). I must confess I don't know anything about iptables, I'll try and dig into that.
- Can sslstrip listen on different/a range of ports?

I also wanted to understand why redirecting to 8080 ? I guess we redirect from port 80 because it is the common port used for internet connection right ? But why to 8080 ?
Could this work on a msn connection ? Log-in use ports 80, 443 and/or(?) 1863 ; to what port should I forward each of those for this to work ? A special one ? Any one ?

That's all I can think about now, and I know it's a lot to ask. I'll of course keep trying by myself and update my post if I succeed in any of those.

Thanks for your help !

PS: this is only for knowledge purpose (in case some don't like I mention msn...). If anything is not clear, sorry for my English, I try my best ^^. Just ask and I'll try to better explain what I ask.

Re: Sickness - Password Sniffing with SSLStrip.

comaX, the answers to your questions:

Is there a way to do this on multiple targets, or a range of targets, without different sessions ? I couldn't try with multiple computers running, so even with multiple sessions, will this work ? Will everything be written in the log (from all targets) or only one (at a time ?)

The program Sickness uses for arp poisoning is arpspoof and, as far as I know, it only works with a single target. Another option for arp spoofing is ettercap, specifying a list (or range) of targets is no problem there. Just stick to command line, cause the GUI happens to be buggy. A good start would be:

And of course the manual! This covers the arp poisoning, as for sslstrip... you work with only one session as sslstrip works on all the traffic going through your listening port (8080 in the tutorial). It doesn't matter if this traffic comes from 1 target or 10. That's also why there will be one common logfile for all targets.

If the previous works, is there a possibility to record in different logs ?

Since the previous (attacking multiple targets) works, I'm going to answer this one the best I can... Yes, it is possible, but seeing as your questions are fairly basic, you definitely don't want to even think about trying to do this. Basically, you would have to edit sslstrip to keep a list of connections and log messages corresponding to different targets into different files. In my opinion it's not worth the trouble. Now, if for some reason I really really wanted to know which connection went with which target, I would either keep the ettercap logs and compare the connection times or try to tweak sslstrip so that the target IP is printed with every message logged.

OR the following...

Is there a way to redirect multiple ports or a range of ports to only one, or another range ? (in which case, we could listen on different ports with sslstrip and have different logs).

*Sigh* You really don't like the idea of a common logfile, do you? But it's a good question. I never needed this and honestly, never thought of a way to do it, but what comes first to my mind is to use two iptables policies for each target instead of one. So instead of:

The -s and -d flags let you specify the source and destination IP of the packets to which the policy applies. For each target, you would need a set of these two policies, with different ports for each target. Now I have never tried this so I have no idea if it will work. Nevertheless, it's worth a try.

Also, reading the man pages is usually the best first step you can make.

I also wanted to understand why redirecting to 8080 ? I guess we redirect from port 80 because it is the common port used for internet connection right ? But why to 8080 ?

It doesn't matter, you can redirect to 8080, 1234, 666, 1337 or wherever you want to. Just be careful not to use a port which is already in use by another process.

Could this work on a msn connection ? Log-in use ports 80, 443 and/or(?) 1863 ; to what port should I forward each of those for this to work ? A special one ? Any one ?

I never cared about MSN, so I can't really help you with this one. Do people even use msn anymore?

Re: Sickness - Password Sniffing with SSLStrip.

The program Sickness uses for arp poisoning is arpspoof and, as far as I know, it only works with a single target

Well, it turns out it does not ! You just have to write "arpspoof -i <interface> <ip_host>" and it will work on every target on the network. It will show ff:ff:ff:ff:ff:ff is at 192.168.1.1, or something like that. (Very, very useful for public connections. Well, I guess... ;) )

About the multi logs, I gave it a good thought, and it would be useless if the only goal is to sniff passwords. Anyway, thanks for the idea of how to do it with multiple iptables, I can still think of a way to use that.

For msn, it was just an idea passing by, I tried... and failed. It just didn't connect anymore or connected without logging anything. I must have done something wrong as I read on Microsoft's site it was using ssl connection... Anyway, I really don't care about others' msn passwords. As I said, it was for knowledge. (And, no, nobody uses msn anymore ^^)

For the manuals, I try and read them. For iptables it was just incomprehensible. I understand why we use what we use, but I also am unable to create my own or modify it in a way I'd want.

For the port already in use by another process, you mean on the target's machine ? For instance, if it's downloading on port 6881, I can't forward to that port, right ?
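
The broadcast replies described in the last post ("ff:ff:ff:ff:ff:ff is at 192.168.1.1") reach every host on the segment, so a monitor on the same network can flag them. The following is an added example, not part of the original thread: it checks ARP replies for a changed IP-to-MAC binding, using constructed lines modelled on `tcpdump -e -n arp` output; the MAC addresses, the 192.168.1.50 host and the function name are assumptions.

```python
import re

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
# ARP replies in lines modelled on `tcpdump -e -n arp` output.
REPLY = re.compile(
    rf"^(?P<ts>\S+) (?P<src>{MAC}) > (?P<dst>{MAC}),.*"
    rf"Reply (?P<ip>\d+(?:\.\d+){{3}}) is-at (?P<mac>{MAC})",
    re.IGNORECASE,
)

def find_arp_anomalies(lines, pinned=None):
    """Return [(timestamp, ip, claimed_mac, [reasons])] for suspect replies.

    pinned: optional {ip: mac} of known-good bindings, e.g. the gateway.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    mac_to_ip = {mac: ip for ip, mac in ip_to_mac.items()}
    alerts = []
    for line in lines:
        m = REPLY.match(line.strip())
        if not m:
            continue  # requests and non-ARP lines are ignored
        ip, mac, dst = m["ip"], m["mac"].lower(), m["dst"].lower()
        known = ip_to_mac.setdefault(ip, mac)  # first sighting is trusted
        if mac == known:
            mac_to_ip.setdefault(mac, ip)
            continue
        reasons = [f"{ip} moved from {known}"]
        if dst == BROADCAST:
            reasons.append("unsolicited broadcast reply")
        if mac_to_ip.get(mac, ip) != ip:
            reasons.append(f"MAC already owns {mac_to_ip[mac]}")
        alerts.append((m["ts"], ip, mac, reasons))
    return alerts

# Constructed sample capture (not from the thread).
SAMPLE = """\
12:00:01.000000 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
12:00:02.000000 66:77:88:99:aa:bb > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.50 is-at 66:77:88:99:aa:bb, length 28
12:00:05.000000 66:77:88:99:aa:bb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 66:77:88:99:aa:bb, length 28
""".splitlines()

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE):
        print(alert)
```

Without `pinned`, the first binding seen for an IP is treated as good, so passing the gateway's known MAC avoids learning a spoofed one. Legitimate failover can also change a binding, so an alert is a lead to check rather than proof.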